Bug in CTRSP800DRBG Block_Cipher_df method.

Bug in CTRSP800DRBG Block_Cipher_df method.

Scott .
Hello,

The method:

private byte[] Block_Cipher_df(byte[] inputString, int bitLength)

when it returns, it returns an array the size of bitLength / 2, which should be returning an array the size of bitLength / 8.

temp = new byte[bitLength / 2]; // (the line I'm referring to)

-----------------------

Also, the newer spec SP80090Ar1 does require the nonce to be set if using the derivation function. It appears the older spec was silent on this point.

It would be nice to be able to NOT use the derivation function too, if so desired (this is an option on both the older and newer spec). Are there plans to implement r1 (or is it there and I'm just missing it?)?


Thanks,
Scott Woodward
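As an added illustration (not code from the Bouncy Castle project or from either poster), here is a straightforward Java rendering of Block_Cipher_df as SP 800-90A section 10.3.2 specifies it, using the JDK's own AES; the class and method names and the sample seed material are assumptions. Its return value is sized N = bitLength / 8 bytes, the length the report above says the library should be producing.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

public class BlockCipherDf {
    private static final int OUTLEN = 16; // AES block size in bytes (outlen = 128 bits)
    // Block_Encrypt: one raw AES block (ECB, no padding: exactly one block in, one block out)
    private static byte[] blockEncrypt(byte[] key, byte[] block) throws Exception {
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding"); aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        return aes.doFinal(block);
    }
    // BCC (SP 800-90A 10.3.3): CBC-MAC style chaining over whole blocks from a zero chaining value
    private static byte[] bcc(byte[] key, byte[] data) throws Exception {
        byte[] chain = new byte[OUTLEN];
        for (int off = 0; off < data.length; off += OUTLEN) {
            byte[] in = new byte[OUTLEN];
            for (int j = 0; j < OUTLEN; j++) in[j] = (byte) (chain[j] ^ data[off + j]);
            chain = blockEncrypt(key, in);
        }
        return chain;
    }
    private static byte[] be32(int v) { return new byte[] { (byte) (v >>> 24), (byte) (v >>> 16), (byte) (v >>> 8), (byte) v }; }
    // Block_Cipher_df (SP 800-90A 10.3.2) with AES and a keyLen-byte key; returns bitLength / 8 bytes
    static byte[] blockCipherDf(byte[] input, int bitLength, int keyLen) throws Exception {
        if (bitLength > 512 || bitLength % 8 != 0) throw new IllegalArgumentException("bad bitLength");
        int n = bitLength / 8;                                  // N = no_of_bits_to_return / 8
        ByteArrayOutputStream s = new ByteArrayOutputStream();  // S = L || N || input || 0x80 || 0x00...
        s.write(be32(input.length)); s.write(be32(n)); s.write(input); s.write(0x80);
        while (s.size() % OUTLEN != 0) s.write(0x00);
        byte[] sb = s.toByteArray(), k = new byte[keyLen];     // K = leftmost keyLen bytes of 0x00 01 02 ... 1F
        for (int i = 0; i < keyLen; i++) k[i] = (byte) i;
        ByteArrayOutputStream temp = new ByteArrayOutputStream();
        for (int i = 0; temp.size() < keyLen + OUTLEN; i++) {  // temp = temp || BCC(K, IV_i || S)
            byte[] ivS = new byte[OUTLEN + sb.length];         // IV_i = i (32-bit big-endian) || zeros
            System.arraycopy(be32(i), 0, ivS, 0, 4);
            System.arraycopy(sb, 0, ivS, OUTLEN, sb.length);
            temp.write(bcc(k, ivS));
        }
        byte[] t = temp.toByteArray(), k2 = Arrays.copyOfRange(t, 0, keyLen), x = Arrays.copyOfRange(t, keyLen, keyLen + OUTLEN);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        while (out.size() < n) { x = blockEncrypt(k2, x); out.write(x); } // X = Block_Encrypt(K, X); temp = temp || X
        return Arrays.copyOf(out.toByteArray(), n);  // leftmost(temp, no_of_bits_to_return): n = bitLength / 8 bytes
    }
    public static void main(String[] args) throws Exception {  // AES-128 (keyLen 16), request seedlen = 256 bits
        byte[] out = blockCipherDf("constructed entropy||nonce||personalisation".getBytes("US-ASCII"), 256, 16);
        System.out.println(out.length + " bytes returned, expected " + (256 / 8));
    }
}
```

A unit test that checks `blockCipherDf(..., 256, 16).length == 32` would catch the bitLength / 2 sizing reported above, since that expression would yield 128 bytes instead.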

Re: Bug in CTRSP800DRBG Block_Cipher_df method.

David Hook-3

Thanks for that. An unexpected performance boost!

You haven't missed anything, we only support use with the derivation function.
There are currently no plans to support the without derivation function
option.

Regards,

David

On 22/12/17 07:48, Scott . wrote:

> Hello,
>
> The method:
>
> private byte[] Block_Cipher_df(byte[] inputString, int bitLength)
>
> when it returns, it returns an array the size of bitLength / 2, which
> should be returning an array the size of bitLength / 8.
>
> temp = new byte[bitLength / 2]; // (the line I'm referring to)
>
> -----------------------
>
> Also, the newer spec SP80090Ar1 does require the nonce to be set if
> using the derivation function. It appears the older spec was silent on
> this point.
>
> It would be nice to be able to NOT use the derivation function too, if
> so desired (this is an option on both the older and newer spec). Are
> there plans to implement r1 (or is it there and I'm just missing it?)?
>
>
> Thanks,
> Scott Woodward